The security auditing subsystem
allows you to protect your security audit data by increasing the
assurance that the audit data has not been tampered with or modified outside
of the auditing facility. This option also protects the confidentiality
of the data. The audit data is protected by encrypting and signing
the recorded data: encryption protects its confidentiality, and signing protects its integrity.
Before you begin
Restriction: Signing
and encrypting your audit data is available only for data that is created
using the default binary log audit service provider. If you are using
the SMF emitter or a third-party emitter, you cannot sign
or encrypt your data.
Before configuring protection for your
security audit data, enable global security and security auditing
in your environment. You must be assigned the auditor role to complete
the task of protecting your audit data. You also need the administrator
role to configure your audit data to be signed.
About this task
The
practice of auditing requires assurance that your audit data is accurate
and uncompromised. Your audit data can be encrypted,
signed, or both encrypted and signed. Use
these options to ensure that your data is viewed only by
authorized users and cannot be modified without detection. To protect
the validity of your security auditing functionality, complete the
following steps:
Procedure
- Encrypting your security audit records Audit
logs can be encrypted to protect the confidentiality of your audit data. The
audit logs are encrypted using a certificate that is stored in
a keystore referenced in the audit.xml file. After you encrypt your audit
records, only users who have the password to that keystore can
decrypt and view the audit logs. Encryption alone does not prevent
modification, because anyone who holds the encryption certificate can
produce a correctly encrypted record; encrypt and sign when you need both
confidentiality and integrity.
- Signing your security audit records Audit
logs can be signed to ensure the integrity of your audit data. By
signing your audit records, you ensure that any modification of the audit
logs can be detected.
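The two steps above combine into one pattern: encrypt each record under a certificate that lives in the audit keystore, then sign the stored bytes so that any later change is detected. The Java program below is an added example written for this page; it is not WebSphere's own implementation and does not reproduce the binary audit log format or the audit.xml configuration. It assumes in-memory RSA key pairs standing in for the encryption and signing certificates, a hypothetical `Sealed` record layout, and a constructed sample record.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class ProtectedAuditRecord {

    // Constructed sample audit record; the field layout is hypothetical, not the binary log format.
    static final byte[] RECORD =
        "Seq=42 Event=SECURITY_AUTHN Outcome=FAILURE User=alice Source=10.0.0.5".getBytes(StandardCharsets.UTF_8);

    // Hypothetical stored form of one protected record.
    static final class Sealed {
        byte[] wrappedKey;  // per-record AES key, wrapped with the encryption certificate's public key
        byte[] iv;          // AES-GCM nonce
        byte[] ciphertext;  // encrypted record (includes the GCM tag)
        byte[] signature;   // SHA256withRSA over iv || ciphertext, made with the signing private key
    }

    // Encrypt with a fresh AES-256-GCM key, wrap that key with the encryption certificate (RSA-OAEP),
    // then sign the stored bytes with the signing key. Only the public half of the encryption
    // certificate is needed here; the signing private key is what proves the record's origin.
    static Sealed seal(byte[] record, PublicKey encryptionCert, PrivateKey signingKey)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();

        Sealed s = new Sealed();
        s.iv = new byte[12];
        new SecureRandom().nextBytes(s.iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(128, s.iv));
        s.ciphertext = aes.doFinal(record);

        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, encryptionCert);
        s.wrappedKey = rsa.wrap(dek);

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(signingKey);
        sig.update(s.iv);
        sig.update(s.ciphertext);
        s.signature = sig.sign();
        return s;
    }

    // Verify the signature before touching the ciphertext, then unwrap the key and decrypt.
    static byte[] open(Sealed s, PublicKey signingCert, PrivateKey encryptionKey)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(signingCert);
        sig.update(s.iv);
        sig.update(s.ciphertext);
        if (!sig.verify(s.signature)) {
            throw new SignatureException("audit record rejected: signature does not verify");
        }
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, encryptionKey);
        Key dek = rsa.unwrap(s.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(128, s.iv));
        return aes.doFinal(s.ciphertext);
    }

    public static void main(String[] args) throws Exception {
        // In-memory key pairs stand in for the encryption and signing certificates in the audit keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair encryption = kpg.generateKeyPair();
        KeyPair signing = kpg.generateKeyPair();

        Sealed stored = seal(RECORD, encryption.getPublic(), signing.getPrivate());
        System.out.println("stored ciphertext: " + Base64.getEncoder().encodeToString(stored.ciphertext));
        System.out.println("verified record:   "
            + new String(open(stored, signing.getPublic(), encryption.getPrivate()), StandardCharsets.UTF_8));

        // Forgery attempt: the encryption certificate is public, so an attacker can encrypt a
        // rewritten record correctly. Without the signing private key the record is still rejected.
        byte[] rewritten = "Seq=42 Event=SECURITY_AUTHN Outcome=SUCCESS User=alice Source=10.0.0.5"
            .getBytes(StandardCharsets.UTF_8);
        Sealed forged = seal(rewritten, encryption.getPublic(), kpg.generateKeyPair().getPrivate());
        forged.signature = stored.signature; // reuse the genuine signature; it covers different bytes
        try {
            open(forged, signing.getPublic(), encryption.getPrivate());
            System.out.println("forgery NOT detected");
        } catch (SignatureException e) {
            System.out.println("forgery detected: " + e.getMessage());
        }
    }
}
```

Run it with `java ProtectedAuditRecord.java` (Java 11 or later). The forgery attempt shows why encryption alone is not an integrity control: the encryption certificate is public, so anyone can produce a correctly encrypted rewritten record, and only the signing private key, which stays with the audit service, lets a reader reject it. Verifying the signature before decrypting also means a tampered record never reaches the decryption step.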
Results
After completing
these steps your data is signed, encrypted, or both signed and encrypted,
providing assurance that the data is accurate and confidential.
What to do next
After protecting your data, you can configure notifications
to ensure you are notified if a problem with the security auditing
subsystem occurs that prevents security events from being recorded.